TECHZONE™
الذهاب إلى القناة على Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
إظهار المزيد595
المشتركون
لا توجد بيانات24 ساعات
-17 أيام
-1030 أيام
أرشيف المشاركات
595
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
https://thehackernews.com/2024/12/joint-advisory-warns-of-prc-backed.html
A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China (PRC)-affiliated threat actors targeting telecommunications providers.
"Identified exploitations or compromises associated with these threat actors' activity align with existing weaknesses associated with victim infrastructure; no novel
595
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
https://thehackernews.com/2024/12/veeam-issues-patch-for-critical-rce.html
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances.
The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.
"From the VSPC management agent machine, under
595
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
https://thehackernews.com/2024/12/critical-sailpoint-identityiq.html
A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.
The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions.
IdentityIQ "allows
595
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses
https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses.
"The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X.
The
595
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).
The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack
595
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise
https://thehackernews.com/2024/12/nachovpn-tool-exploits-flaws-in-popular.html
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.
"By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access
595
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
https://thehackernews.com/2024/12/north-korean-kimsuky-hackers-use.html
The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft.
"Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,
595
Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
https://thehackernews.com/2024/12/horns-campaign-delivers-rats-via-fake.html
A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT.
The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer
595
A Guide to Securing AI App Development: Join This Cybersecurity Webinar
https://thehackernews.com/2024/12/a-guide-to-securing-ai-app-development.html
Artificial Intelligence (AI) is no longer a far-off dream—it’s here, changing the way we live. From ordering coffee to diagnosing diseases, it’s everywhere. But while you’re creating the next big AI-powered app, hackers are already figuring out ways to break it.
Every AI app is an opportunity—and a potential risk. The stakes are huge: data leaks, downtime, and even safety threats if security
595
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)
https://thehackernews.com/2024/12/thn-recap-top-cybersecurity-threats.html
Ever wonder what happens in the digital world every time you blink? Here's something wild - hackers launch about 2,200 attacks every single day, which means someone's trying to break into a system somewhere every 39 seconds.
And get this - while we're all worried about regular hackers, there are now AI systems out there that can craft phishing emails so convincingly, that even cybersecurity
595
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
https://thehackernews.com/2024/12/8-million-android-users-hit-by-spyloan.html
Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs.
"These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which
595
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million
https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html
A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies.
The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V, which took place between July and
595
Wanted Russian Cybercriminal Linked to Hive and LockBit Ransomware Has Been Arrested
https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html
A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country.
According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key.
"At present,
595
AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
https://thehackernews.com/2024/11/ai-powered-fake-news-campaign-targets.html
A Moscow-based company sanctioned by the U.S. earlier this year has been linked to yet another influence operation designed to turn public opinion against Ukraine and erode Western support since at least December 2023.
The covert campaign undertaken by Social Design Agency (SDA), leverages videos enhanced using artificial intelligence (AI) and bogus websites impersonating reputable news sources
595
Protecting Tomorrow's World: Shaping the Cyber-Physical Future
https://thehackernews.com/2024/11/protecting-tomorrows-world-shaping.html
The lines between digital and physical realms increasingly blur. While this opens countless opportunities for businesses, it also brings numerous challenges. In our recent webinar, Shaping the Cyber-Physical Future: Trends, Challenges, and Opportunities for 2025, we explored the different factors shaping the cyber-physical future. In an insightful conversation with industry experts, we discussed
595
Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials.
"This campaign employs an AitM [adversary-in-the-middle] attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multi-factor authentication (MFA)
595
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html
Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild.
The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com.
"An
595
U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency
https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html
A 59-year-old U.S. citizen who immigrated from the People's Republic of China (PRC) has been sentenced to four years in prison for conspiring to act as a spy for the country and sharing sensitive information about his employer with China's principal civilian intelligence agency.
Ping Li, 59, of Wesley Chapel, Florida, is said to have served as a cooperative contact for the Ministry of State
595
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP
https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges.
"These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality,
595
The Future of Serverless Security in 2025: From Logs to Runtime Protection
https://thehackernews.com/2024/11/the-future-of-serverless-security-in.html
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is
متاح الآن! بحث تيليغرام 2025 — أهم رؤى العام 
